THIS PROGRAM
IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. LICENSOR MAKES
NO WARRANTIES OR REPRESENTATIONS, EXPRESSED OR IMPLIED, ORAL OR WRITTEN,
REGARDING THE PROGRAM OR DOCUMENTATION AND HEREBY EXPRESSLY DISCLAIMS ALL OTHER
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. LICENSOR DOES NOT WARRANT THE PROGRAM WILL MEET YOUR
REQUIREMENTS OR THAT ITS OPERATION WILL BE UNINTERRUPTED OR ERROR FREE. IN NO EVENT
WILL GEORGIA SOFTWORKS BE LIABLE TO YOU FOR ANY DAMAGES, INCLUDING ANY LOST
PROFITS, LOST SAVINGS OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT
OF THE USE OR INABILITY TO USE SUCH PROGRAMS.

COPYING: WHILE YOU ARE
PERMITTED TO MAKE BACKUP COPIES OF THE SOFTWARE FOR YOUR OWN USE AND
PROTECTION, YOU ARE NOT PERMITTED TO MAKE COPIES FOR THE USE OF ANYONE ELSE.

LICENSE: YOU ARE
LICENSED TO RUN THIS SOFTWARE ON A SINGLE WINDOWS SYSTEM. THE GEORGIA SOFTWORKS
BUSINESS TUNNEL SOFTWARE MAY BE INSTALLED ON A SINGLE WINDOWS SYSTEM.

Port Forwarding: Redirecting all traffic originally directed to one port to a
different port. Software ports are numbered connections that a computer uses to
sort types of network traffic.

SSH Tunnel: Encapsulating data using the SSH protocol before sending it to the
SSH server.

Thank you for
purchasing the industrial grade Georgia SoftWorks Business Tunnel for Windows.

Business Tunnel - Business Sense

Provide secure access
and reliable connectivity for traveling employees, branch offices, remote
developers and work at home colleagues (and much more) to services at work and
away using SSH tunneling. The GSW Business Tunnel offers a business sense
approach to SSH Tunneling delivering commercial reliability, configuration and
management. Harness the power of SSH Tunneling without the past complexities
and frustrations associated with port forwarding or the expense and training
for VPNs.

The GSW Business Tunnel
provides a graphical user interface for configuration, activation, management
and monitoring of SSH tunnels and their associated channels. Each SSH tunnel
may have multiple channels configured. A tunnel is the secure connection
between the GSW Business Tunnel software and an SSH Server. You then create one
or more channels within the tunnel that can be associated with various
protocols such as HTTP, POP, SMTP, RDP, etc. This will facilitate a secure
channel to perform various activities such as browsing the internet or a
company intranet, or checking email etc. where it is otherwise difficult,
expensive or not possible.

Persistent Connection – Set It and Forget It

With the GSW Business
Tunnel you create a secure persistent connection (tunnel) between the
computer initiating the tunnel and a computer running an SSH Server. The GSW Business
Tunnel runs as a service that provides a level of robustness and features not
available in stand-alone applications. The administrator of the tunnel can set
it up (configure the tunnel) and forget about it. It just runs. Although
typical networks may momentarily drop connections, the GSW Business Tunnel will
automatically reestablish the tunnel, completely transparent to the user. You
can “Set it and Forget it”.

The Best Security with built in Elliptic Curve Cryptography

Quickly gain security
conformance with the GSW Business Tunnel by using strong SSH Security when
browsing the internet, intranets, sending/receiving email, using remote desktop
and many other services.

NSA endorsed and NIST
recommended elliptic curve cryptography support is built-in providing some of
the strongest authentication and encryption available.

Configure your firewall
to block all incoming connections, but still allow secured access to company
services from remote employees without reconfiguring or weakening your firewall.
The Business Tunnel is configured from the company to ensure access only from
approved locations.

Enhance security by
providing connectivity to only the services required instead of opening up
access to all services as is often done. Secure typically nonsecure protocols
by encapsulation within the GSW Business Tunnel.

Additionally, the
Business Tunnel can secure customer TCP connections for all kinds of legacy
applications and bring them to compliance with security requirements.

Business Tunnel – the Sensible Solution

The GSW Business Tunnel
Management Tool offers an innovative approach in creating, operating,
organizing and monitoring secure tunnels bringing them into use by mainstream
business. There are no lengthy or complicated command lines that must be
entered over and over again, as can often be the case.

The GSW Business Tunnel
is lightweight, has a small footprint and is a minimally invasive solution.

You will be amazed how
your current understanding of port forwarding can easily be utilized with the
GSW Business Tunnel for Windows.

The Welcome screen of the setup program is displayed and
you are reminded and urged to exit all Windows programs before continuing. You
are also reminded that you must have administrative privileges to install this
program. Click Next.

A screen is displayed indicating the directory where the Georgia SoftWorks
Business Tunnel will be installed. The default is
C:\Program Files (x86)\Georgia SoftWorks\Georgia SoftWorks Business Tunnel
on 64-bit machines. On 32-bit machines the default is
C:\Program Files\Georgia SoftWorks\Georgia SoftWorks Business Tunnel

You may change the
installation directory at this time. Note: If you install on a drive other
than the system drive and have NTFS on the installation drive, then you must
make sure that the system has full permissions to get to the installation
directory and subdirectories. Click Next.

If you would like to use a different Program Folder Name,
then enter it here. Then Click Next.

To run the Georgia SoftWorks Business Tunnel for Windows
you must first register the software. This entails just a
few steps that involve obtaining the Product ID and providing this identification
to Georgia SoftWorks so a Serial Number can be generated.

NOTE: Read the System Signature chapter at the end of the manual.

Please complete the Customer Information including the
Purchased From field in the Registration Screen. Enter the name of the
software that will be your primary application to use with GSW Business Tunnel
in the Application software field.

1. The registration information must be provided to Georgia SoftWorks to obtain
the Serial Number. Several methods are available for your convenience. Use the
Save to file button to save the registration information to a text file.

a. Save the information to a file and attach it to a Support Ticket.
(Preferred and fastest method.)

OR

b. Print the information and fax it to Georgia SoftWorks.

Please print (using the Print button on the registration screen) this
information and fax to Georgia SoftWorks: +1 706.265.1020

c. Call us at +1 706.265.1018

You may close the registration program at this time. Once
Georgia SoftWorks receives the information, we can generate a Serial Number on
demand. We will reply back via the ticket system, email or fax.

2. When the Serial Number is provided, run the Registration Program again and
enter the Serial Number. The easiest method to get the Serial Number is to
highlight the returned Serial Number and copy (Ctrl-C). Then position the mouse
in the Serial Number field in the Registration Information box and paste
(Ctrl-V).

Notice that the Tunnel
Management Tool has a pane on the left that allows you to select Configuration
or Activity. The contents of the pane on the right are context sensitive and change
based on the Configuration or Activity item selected.

Selecting Configuration → Tunnels
displays the tools to list, create, edit and delete tunnels and their
associated channels. The Local Ports in use by the tunnels can be viewed by:

Configuration → Local Ports Usage

Activity monitoring can
be done by selecting the Tunnel, Channel or User under Activity.

When Configuration is selected in the pane on the left,
the right pane shows a configuration summary of the GSW Business Tunnel.
Quickly see the number of tunnels and channels configured and the number that
are active. The GSW Business Tunnel Software Version is also displayed.

Each
tunnel must have at least one channel to operate. However, you may configure
many channels for a single tunnel.

A
channel specifies the type of port forwarding, the local address/port and
remote address/port to use to access a specified service on a host. Services
such as POP, SMTP, RDP and HTTP are specified in the channel configuration. The
tunnel’s channel configuration also has an Enabled/Disabled setting. This
allows channels to be configured in advance and enabled only when needed.

Any
time a Tunnel or Channel is created or modified, the Business Tunnel must be
activated before any configuration changes can be used to establish the tunnel.
When the Business Tunnel is activated, all enabled tunnels and any associated
enabled channels start running and can be used.

Activating
the Tunnel restarts the GSW Business Tunnel Service. Please note that this will
stop and restart any tunnels and associated channels currently in operation.

At
this point you are ready to use the GSW Business Tunnel to gain SSH secured
access to a service.

Additional configuration may have to be performed to
browsers, email programs, etc. to utilize the tunnel. Please see the link to
examples on page 56.

If you have enabled more tunnels than your license allows
and you click Activate or Stop and Start the Business Tunnel service you will get an error
message indicating that some of your tunnels were not started because of your
licensing limits.

For example, when four tunnels are enabled and the license
is for three, the message in Figure 15 is displayed when the Activate button is
clicked or the service is restarted.

The corrective action is to either enable only the number
of tunnels your license allows or to purchase an upgrade for the Business
Tunnel to a license that allows a larger number of simultaneous enabled
tunnels.

Please note that you can configure as many tunnels as
needed. This way you can preconfigure all the various tunnels you may need and
simply disable / enable the ones needed at the specific time.

When Configuration → Tunnels is
selected in the pane on the left, the top half of the Tunnels pane on the right
displays a summarized list of configured tunnels. The bottom half displays the
list of channels associated with the selected tunnel. All columns are sortable
by clicking on the column title in the standard Windows fashion.

Name is a name that
you give to the tunnel. It is recommended to name the tunnel something that
associates it with its purpose. For example, the name ‘Browse company intranet
from Laptop’ may be a good reminder that you would use this tunnel when you are
away from work but you need to browse the company intranet. This name is used
in the Activity panes.

Required: Yes

Default: N/A

Host is the IP
address or DNS name of the SSH Server where the tunnel will connect.

Required: Yes

Default: N/A

Host Fingerprint 1, Fingerprint 2 and Fingerprint 3 are unique SSH
Server fingerprints that can be used to verify the server’s fingerprint.

Host Fingerprint 1, Fingerprint 2 and Fingerprint 3 are unique SSH Server
fingerprints that can be used to protect you against a network attack known as
spoofing: secretly redirecting your connection to a different computer, so that
you send your password to the wrong machine. Using this technique, an attacker
would be able to learn the password that guards your login account, and could
then log in as if they were you and use the account for their own purposes. To
prevent this attack, each server has one, two or three unique identifying
codes, called host fingerprints. These fingerprints are created in a way that
prevents one server from forging another server's fingerprint. So if you
specify fingerprint(s), then connect to a server and it sends you a different
fingerprint from the one you were expecting, the GSW Tunnel will fail the
connection. On Unix systems you can get the host fingerprints by running the
commands:

Login is a Login Id
or user name that is required to connect to the SSH Server.

Required: Yes

Default: N/A

Use public key
allows you to specify public key authentication for SSH Server instead of
username/password authentication. Check this box to use public key
authentication.

Required: N/A

Default: N/A

Password/Re-enter Password
allows you to specify the Password associated with the Login Id.

When creating or editing a tunnel, if the Password and
Re-enter password do not match, the OK button at the bottom of the page will
not be enabled or you will get the text warning “mismatch” as shown below.

The More details
configuration section of the GSW Business Tunnel allows you to configure
information associated with compression, protocol, encryption and proxy
settings for the tunnel.

The More details section allows configuration of:

· Compression level

· Protocol

· Allow IPv6 addresses

· Use Proxy

· Advanced configuration section options are available by the More… button

Where

Compression is the level of compression that is requested. No compression and
levels 1 through 9 are available. Level 1 is the least amount of compression
(fastest) and level 9 is the most amount of compression (slowest). Level 6 is
the default.

Required: N/A

Default: 6

Allow IPv6 is a checkbox that specifies to allow IPv6 addressing in addition to
IPv4. The default for IPv6 is disabled.

Required: No

Default: Disabled

Protocol is the protocol to use. Options available are Negotiate, SSH1 or SSH2.
SSH2 is recommended and also the default. Other values are provided for
backward compatibility with less secure SSH1 solutions.

Required: Yes

Default: SSH2

Use Proxy specifies if the Tunnel is to use a Proxy when connecting to the
host. If checked, the ‘Configure Proxy…’ button is enabled. Use Proxy is
disabled by default.

Required: Yes

Default: Disabled (do not use proxy)

Configure Proxy

When the GSW Business
Tunnel is unable to establish a direct connection to the SSH Server, the proxy
option may be used. For example, if the Business Tunnel does not have access to
the internet, but a proxy machine does then you can use the proxy.

When the Configure
Proxy button is clicked, the following proxy configuration screen is displayed.

Please note that when configuration changes are made the
OK button becomes active.

The configuration changes are not saved until you click OK
which returns you to the Tunnel Settings screen and you click OK on the Tunnel
Settings screen.

Ciphers are symmetric
key encryption algorithms used by the SSH Transport Protocol to encrypt SSH
traffic. The GSW Business Tunnel allows specification of the ciphers to use and
the order preference when negotiating with the SSH Server.

Click on the Change… button and a dialog opens that shows
the Available ciphers on the left and the Selected ciphers on the right. The
Selected ciphers are the ones the Business Tunnel will present to the SSH
server. If the SSH server does not offer any of the specified ciphers then the
Business Tunnel will not allow a connection to that SSH server. The Cipher
dialog is shown:

Select ciphers from the Available ciphers list on the
left. You can select one cipher at a time and move it to the list of Selected
ciphers on the right by clicking on the Greater Than “>” sign button. You
can select all the available ciphers by clicking on the double Greater Than
“>>” sign button. You can remove selected ciphers one at a time or all
selected ciphers in the same manner by clicking on the Less Than “<” or
double Less Than “<<” sign buttons.

The order of the selected ciphers sets the preference that
the Business Tunnel will use when negotiating with the SSH Server. The first
in the list is the first preference, the second the next and so on. The details
of the selection process are governed by the SSH Transport Layer specification
RFC 4253. Discriminating users should consult RFC 4253 for the details.

The order preference of ciphers can be changed by
selecting the cipher and using the Up or Down button. In the example below the aes256-ctr cipher is selected. Use the
Up button to move it higher on
the preference list. Make it your first preference by moving it up to the top of
the list. Each time you click Up it moves the selected cipher up one.

Host Key Algorithms are
used to authenticate the server to the client. The Business Tunnel will propose
algorithms when negotiating with the SSH Server. The GSW Business Tunnel allows
specification of the allowed Host Key Algorithms and the order preference.

Figure 32: Change Host Key
Algorithms used to negotiate with the SSH server

Click on the Change… button and a dialog opens that shows
the Available host key algorithms on the left and the Selected host key
algorithms on the right. The Selected Host key algorithms are the ones that the
SSH Server may use with the GSW Business Tunnel. If the SSH server does not
offer any of the specified Host key algorithms then the Business Tunnel will
not allow a connection to that SSH server. The Host Key Algorithm dialog is
shown:

Select Host Key Algorithms from the Available host key
algorithm list on the left. You can select one algorithm at a time and move it
to the list of Selected host key algorithms on the right by clicking on the
Greater Than “>” sign button. You can select all the available host key
algorithms by clicking on the double Greater Than “>>” sign button. You
can remove selected host key algorithms one at a time or all selected host key
algorithms in the same manner by clicking on the Less Than “<” or double
Less Than “<<” sign buttons.

The order of the selected Host key algorithms sets the
preference that the Business Tunnel will use when negotiating with the SSH Server.
The first in the list is the first preference, the second the next and so on.
The details of the selection process are governed by the SSH Transport Layer
specification RFC 4253. Discriminating users should consult RFC 4253 for the details.

The order preference of Host key algorithms can be changed
by selecting the Host key algorithm and using the Up or Down button. In the
example below the ecdsa-sha-nistp521 algorithm is selected
to move to the top. Use the Up
button to move it higher on the preference list. Make it your first preference
by moving it up to the top of the list. Each time you click Up it moves the selected
host key algorithm up one.

You can reorder by choosing items in the selected host key
algorithm list and using the Up

Be sure to click the OK button when you are done choosing
the Host Key Algorithms.

You will be returned to the SSH-2 algorithms preferences
dialog. The selected Host Key Algorithms are displayed as shown below. If no
Host Key Algorithms are shown then the default of all available Host Key
Algorithms is in effect.

Key Exchange Algorithms are
used to establish the shared secret needed to create the encryption key used by
ciphers. The Business Tunnel will propose algorithms when negotiating with
the SSH Server. The GSW Business Tunnel allows specification of the allowed
Host Key Exchange algorithms and the order preference.

Figure 38: Change Key Exchange Algorithms
used to negotiate with the SSH server

Click on the Change… button and a dialog opens that shows
the Available host key exchange algorithms on the left and the Selected key exchange
algorithms on the right. The Selected key exchange algorithms are the ones that
the SSH Server may use with the GSW Business Tunnel. If the SSH server does not
offer any of the specified key exchange algorithms then the Business Tunnel
will not allow a connection to that SSH server. The Key Exchange Algorithm
dialog is shown:

Select Key Exchange Algorithms from the Available key
exchange algorithm list on the left. You can select one algorithm at a time and
move it to the list of Selected key exchange algorithms on the right by
clicking on the Greater Than “>” sign button. You can select all the
available key exchange algorithms by clicking on the double Greater Than
“>>” sign button. You can remove selected key algorithms one at a time
or all selected key algorithms in the same manner by clicking on the Less Than
“<” or double Less Than “<<” sign buttons.

The order of the Selected key exchange algorithms sets the
preference that the Business Tunnel will use when negotiating with the SSH
Server. The first in the list is the first preference, the second the next and
so on. The details of the selection process are governed by the SSH Transport
Layer specification RFC 4253. Discriminating users should consult RFC 4253 for the details.

The order preference of Key exchange algorithms can be
changed by selecting the Key exchange algorithm and using the Up or Down
button. In the example below the key exchange algorithm curve25519-sha256@libssh.org is moved to the bottom.

If no Host Key Algorithms are shown then the
default of all available Host Key Algorithms is in effect.

MACs (Message Authentication Codes) are used to protect data integrity. A MAC
is included in each packet and is computed from a shared secret, the packet
sequence number and the contents of the packet.

Figure 46: Change Message
Authentication Codes used to negotiate with the SSH server

Click on the Change… button and a dialog opens that shows
the Available MACs on the left and the Selected MACs on the right. The Selected
MACs are the ones that the SSH Server may use with the GSW Business Tunnel. If
the SSH server does not offer any of the specified MACs then the Business
Tunnel will not allow a connection to that SSH server. The MACs dialog is
shown:

Select MACs from the Available MACs algorithm list on the
left. You can select one MAC at a time and move it to the list of Selected MACs
on the right by clicking on the Greater Than “>” sign button. You can select
all the available MACs by clicking on the double Greater Than “>>” sign
button. You can remove selected MACs one at a time or all selected MACs in the
same manner by clicking on the Less Than “<” or double Less Than “<<”
sign buttons.

In this example we insist that hmac-sha2-512 is used, so select just that one
from the available MACs.

The order of the selected MACs sets the preference that the
Business Tunnel will use when negotiating with the SSH Server. If more than
one MAC is in the Selected MACs list, the first in the list is the first
preference, the second the next and so on. The details of the selection process
are governed by the SSH Transport Layer specification RFC 4253. Discriminating
users should consult RFC 4253 for the details.
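
The first-match selection described above for ciphers, host key algorithms, key exchange algorithms and MACs, as an added example in Python (not Georgia SoftWorks code). It simplifies RFC 4253 section 7.1 to "first client preference the server also offers", applies the empty-list default to every category as an assumption, and uses constructed algorithm lists.

```python
# Added example (not GSW code): client-preference algorithm selection in the
# style of RFC 4253 section 7.1, simplified to "first client entry the server
# also offers". The kex/host-key capability checks of section 7.1 are omitted.

CATEGORIES = ("kex", "host_key", "cipher", "mac")

# Constructed "Available" lists for illustration; not the product's real lists.
AVAILABLE = {
    "kex": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
            "diffie-hellman-group14-sha1"],
    "host_key": ["ssh-ed25519", "ecdsa-sha2-nistp521", "ssh-rsa"],
    "cipher": ["aes128-ctr", "aes256-ctr", "aes128-cbc", "3des-cbc"],
    "mac": ["hmac-sha1", "hmac-sha2-256", "hmac-sha2-512"],
}


class NegotiationError(Exception):
    """Raised when a category has no algorithm common to both sides."""


def effective(selected, available):
    """An empty Selected list means every available algorithm is in effect
    (assumed here for all four categories)."""
    return list(selected) if selected else list(available)


def choose(category, client_prefs, server_offer):
    """Return (chosen, skipped): the first client preference the server
    offers, plus the higher-ranked preferences the server did not offer."""
    offered = set(server_offer)
    skipped = []
    for name in client_prefs:
        if name in offered:
            return name, skipped
        skipped.append(name)
    raise NegotiationError(f"{category}: server offers none of {client_prefs}")


def negotiate(selected, server, available=AVAILABLE):
    """Negotiate all four categories; a category with no overlap fails the
    whole connection."""
    result = {}
    for cat in CATEGORIES:
        prefs = effective(selected.get(cat, []), available[cat])
        result[cat] = choose(cat, prefs, server[cat])
    return result


# Constructed tunnel settings: Selected lists in preference order.
SELECTED = {
    "cipher": ["aes256-ctr", "aes128-ctr"],
    "host_key": ["ecdsa-sha2-nistp521", "ssh-rsa"],
    "kex": [],                    # nothing selected: the default applies
    "mac": ["hmac-sha2-512"],     # insist on a single MAC
}

# Constructed server offers; the server's own ordering does not change the choice.
SERVER_MODERN = {
    "kex": ["diffie-hellman-group14-sha1", "curve25519-sha256@libssh.org"],
    "host_key": ["ssh-rsa", "ssh-ed25519"],
    "cipher": ["aes128-ctr", "aes256-ctr"],
    "mac": ["hmac-sha2-256", "hmac-sha2-512"],
}
SERVER_LEGACY = dict(SERVER_MODERN, mac=["hmac-sha1"])

if __name__ == "__main__":
    for cat, (chosen, skipped) in negotiate(SELECTED, SERVER_MODERN).items():
        note = f" (server lacked: {', '.join(skipped)})" if skipped else ""
        print(f"{cat:9} -> {chosen}{note}")
    try:
        negotiate(SELECTED, SERVER_LEGACY)
    except NegotiationError as exc:
        print("connection refused:", exc)
```

A non-empty skipped list is worth reviewing: it means the tunnel is running on a lower preference than the one placed at the top of the Selected list.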

Be sure to click the OK button when you are done choosing
the MACs.

You will be returned to the SSH-2 algorithms preferences
dialog. The selected Host Key Algorithms are displayed as shown below.

Please note that enabled channels are not available for
use until the associated tunnel is Activated (see page 17).

Name is a name that
you give to this Channel. It is recommended to name the channel something that
associates it with its purpose within the tunnel. For example, the name ‘Get Email
from Server from Work’ may be a good reminder

Required: Yes

Default: N/A

Forwarding Type is
the

Local Port Forwarding –
makes a port on a computer that is accessible to the SSH Server (the host that
you are connecting to) available on your local machine running the tunnel.

Remote Port Forwarding –
makes a port on a computer that is accessible to the computer running the
Business Tunnel available on the remote server.

Dynamic Port Forwarding –
opens a SOCKS 4/5 proxy on your local computer and forwards all the data to the
SSH Server.

Required: Yes

Default: Local

Local Address value is dependent on the type of forwarding selected.

Local Forwarding:

Same as Dynamic Forwarding.

Dynamic Forwarding:

This is the address that the client software will be configured to connect to.
You can specify 127.0.0.1 if you do not want to share your channel with other
computers. You can specify 0.0.0.0 if you want to share your channel with all
client computers on all of your IP addresses. Or you can specify one of your IP
addresses for other computers to use.

Remote Forwarding:

This is the address that client software would originally attempt to connect to
if the tunnel was not used. The forwarded connection will be going to this
address through the channel you are about to create.

Required: Yes

Default: 127.0.0.1

Local Port value is dependent on the type of forwarding selected.

Local Forwarding:

This is the port that client software will be configured to connect to. You
will put a port number that is currently not used on the computer running the
GSW Tunnel. A good rule of thumb is to add 10,000 to the port number you intend
to forward. For example, if you forward telnet (port 23) put 10023 here.

Dynamic Forwarding:

This is the port that client software will be configured to connect to. You
will put a port number that is currently not used on the computer running the
GSW Tunnel.

Remote Forwarding:

This is the port number that client software would originally attempt to
connect to if the tunnel was not used. The forwarded connection will be going
to this address through the channel you are about to create.

Required: Yes

Default: 10080

Remote Address is
the

Local Forwarding:

This is the address that the client software would originally connect to if the
tunnel was not used.

Dynamic Forwarding:

Not Used

Remote Forwarding:

This is the address that the client software will be configured to connect to
on the remote end of the tunnel. You can specify 127.0.0.1 if you do not want
to share your channel with other computers. You can specify 0.0.0.0 if you want
to share your channel with all client computers on all of your IP addresses. Or
you can specify one of your IP addresses for other computers to use.

Required: Yes (only for Local and Remote Forwarding)

Default: 127.0.0.1

Remote Port is the

Local Forwarding:

This is the port number that the client software would originally attempt to
connect to if the tunnel was not used. The forwarded connection will be going
to this address through the channel you are about to create.

Dynamic Forwarding:

Not Used

Remote Forwarding:

This is the port that the client software will be configured to connect to. You
will put a port number that is currently not used on the computer running the
SSH server. A good rule of thumb is to add 10,000 to the port number you intend
to forward. For example, if you forward telnet (port 23) put 10023 here.
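
An added example (not Georgia SoftWorks code) that applies the field meanings above to find where each channel of one tunnel actually listens, then flags listeners reachable by other computers and local port collisions. The dictionary field names and the sample channels are hypothetical.

```python
# Added example (not GSW code): resolve where each channel of one tunnel
# listens, using the field meanings given above. Field names are hypothetical.
import ipaddress
from itertools import combinations


def listener(ch):
    """(side, address, port) of the socket that accepts client connections."""
    if ch["type"] in ("local", "dynamic"):
        return "tunnel-host", ch["local_address"], ch["local_port"]
    if ch["type"] == "remote":
        return "ssh-server", ch["remote_address"], ch["remote_port"]
    raise ValueError(f"unknown forwarding type: {ch['type']!r}")


def destination(ch):
    """(address, port) the forwarded connection finally reaches, or None for
    dynamic forwarding, where the SOCKS client names the destination."""
    if ch["type"] == "local":
        return ch["remote_address"], ch["remote_port"]
    if ch["type"] == "remote":
        return ch["local_address"], ch["local_port"]
    return None


def exposure(address):
    """Classify a listen address by who can reach it."""
    ip = ipaddress.ip_address(address)
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:
        return "all-interfaces"
    return "single-interface"


def overlaps(addr_a, addr_b):
    """Two listeners on one port collide if either binds every interface
    or both bind the same address."""
    a, b = ipaddress.ip_address(addr_a), ipaddress.ip_address(addr_b)
    return a.is_unspecified or b.is_unspecified or a == b


def audit(channels):
    """Return findings for the enabled channels of a single tunnel."""
    active = [c for c in channels if c.get("enabled", True)]
    findings = []
    for ch in active:
        side, addr, port = listener(ch)
        kind = exposure(addr)
        if kind != "loopback-only":
            findings.append(("exposed", ch["name"],
                             f"{side} {addr}:{port} ({kind})"))
    for a, b in combinations(active, 2):
        side_a, addr_a, port_a = listener(a)
        side_b, addr_b, port_b = listener(b)
        if side_a == side_b and port_a == port_b and overlaps(addr_a, addr_b):
            findings.append(("port-conflict", f"{a['name']} / {b['name']}",
                             f"{side_a} port {port_a}"))
    return findings


# Constructed sample channels; 192.0.2.0/24 is a documentation range.
CHANNELS = [
    {"name": "Telnet to legacy host", "type": "local", "enabled": True,
     "local_address": "127.0.0.1", "local_port": 10023,
     "remote_address": "192.0.2.10", "remote_port": 23},
    {"name": "Shared SOCKS proxy", "type": "dynamic", "enabled": True,
     "local_address": "0.0.0.0", "local_port": 10080},
    {"name": "Intranet web", "type": "local", "enabled": True,
     "local_address": "127.0.0.1", "local_port": 10080,
     "remote_address": "192.0.2.20", "remote_port": 80},
    {"name": "Publish RDP on server", "type": "remote", "enabled": True,
     "local_address": "127.0.0.1", "local_port": 3389,
     "remote_address": "127.0.0.1", "remote_port": 13389},
    {"name": "Old wide-open proxy", "type": "dynamic", "enabled": False,
     "local_address": "0.0.0.0", "local_port": 10023},
]

if __name__ == "__main__":
    for code, who, detail in audit(CHANNELS):
        print(f"{code:14} {who}: {detail}")
```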

On each example page there is an example ID, a description
and a document number.

Example ID is a unique number that
identifies a specific example.

The Description gives a brief description
of the “Use Case” for the Business Tunnel.

The document number is a letter (D, L or
R) followed by a number. The D, L or R signifies if this example uses Dynamic,
Local or Remote Port forwarding. The number is the enumerated value signifying
the example number of that type. That is Example D01 is Dynamic port forwarding
example 01. D02 is Dynamic port forwarding example 02.

The GSW Business Tunnel is a client side tool and has low
CPU and RAM requirements so it can easily run on a workstation class computer. We
do not make any direct CPU requests to reserve memory from the non-paged pool.
It is suggested to use 2GB RAM and CPU running at 1.5 GHz or more.

The GSW Business Tunnel must have access and
authentication credentials to an SSH Server. The SSH Server must have local and
remote port forwarding capabilities. There is no operating system requirement
for the SSH Server; however, the GSW SSH
Server is an excellent choice when using a Windows Operating System.

The GSW Business Tunnel is licensed to have a maximum number
of Tunnels activated at a single time. You may have as many configured as you
need. This suits most users as you may have many configurations ready but only
need to activate a subset of the total at any one time.

GSW Business Tunnels are sold in packages with the ability
to have up to

3 concurrent tunnels active

5 concurrent tunnels active

10 concurrent tunnels active

25 concurrent tunnels active

50 concurrent tunnels active

100 concurrent tunnels active

on a single computer (laptop, VM, server etc.)

If the number of tunnels activated is greater than the
number purchased, a log entry is generated and only the number of tunnels
licensed will be activated.

The registration software obtains a system signature that
is unique to your system. This signature is an added security measure to inhibit
unauthorized personnel from obtaining working copies of the GSW Business Tunnel.

The signature is comprised of hardware and software
identifiers existing on your system which make the target system unique. These
identifiers are hashed into a Product ID so a Serial Number can be generated
from this Product ID.

If major hardware components of your system are removed,
replaced or modified, your Serial Number may stop working and you may
need a new Serial Number to obtain access to the GSW Business Tunnel. Please
contact Georgia SoftWorks Technical Support if needed.